[ISN] Reporters booted from Black Hat for hacking

[InfoSec News]

http://www.tgdaily.com/content/view/38794/108/

By Humphrey Cheung    
TG Daily
August 07, 2008 

Las Vegas (NV) – Three French reporters attending the Black Hat computer 
security conference have been banned for life for sniffing the press 
room network.  The hackers worked for a French security publication 
called Global Security Magazine and admitted to capturing login 
information of two other reporters covering the convention.  Our legal 
sources tell us the three could face federal charges for wiretapping.

We’ve spoken to the two victims who are reporters from CNET and eWEEK.  
They told us the French reporters sneakily “huddled over their 
computers” while plugged into the Netgear Ethernet switches in the press 
room.  The trio were also seen using an AirPcap USB capture card to 
sniff wireless traffic.

The French reporters captured traffic and then showed their results to 
the Wall of Sheep team in the hopes of getting the information posted.  
However, the team refused because there is an unwritten rule at Black 
Hat/Defcon that the press room network is off limits to scanning.  
Coincidentally, I was already in the room interviewing the Wall of Sheep 
team members and the French reporters let me take a picture of their 
screen.

I published that picture and a short accompanying article here.  
Shortly before the article went live, TG Daily’s editor in chief 
Wolfgang Gruener called CNET to warn them about a possible breach in 
their network security.  Black Hat staff warned eWEEK’s Brian Price 
after our article went live.

Price confirmed to us that the login in the picture was indeed a valid 
one.  That username and password has since been changed and Price is 
taking everything in stride.  He told us that it was a good lesson in 
security and that he’ll be more careful in the future.  On the CNET 
side, it appears the login information isn’t valid and that the French 
reporters possibly made up the information.

The French reporters are Mauro Israel, Marc Brami, and Dominique Jouniot 
and they didn’t deny sniffing the network when confronted by Black Hat 
officials.  They added that they conducted a classic man in the middle 
attack.  The reporters have been permanently banned from Black Hat and 
Defcon, something which continues a long tradition of reporter bans at 
the hacker conventions.  Last year, Dateline’s Michelle Madigan quickly 
escaped from Defcon after being caught secretly filming attendees.  
Before that, reporters and cameramen from Argentina and Israel had been 
booted.

Afterwards the head of Black Hat technical operations explained that 
people shouldn’t automatically assume that switched networks are safe 
from sniffing.  He said there were several ways of obtaining traffic 
like arp address poisoning and running a rogue DHCP server to route 
traffic through the attacker’s laptop.

Kurt Opsahl, a senior staff attorney with the Electronic Frontier 
Foundation, said the French probably committed multiple crimes since 
there was a reasonable expectation of privacy on the press network.  
While he would not go on record about specific charges (since he wasn’t 
familiar with all the details), Opsahl said legal cases in the past have 
focused on whether people expect to be hacked on a specific network.  
At Black Hat and Defcon, you are almost guaranteed to be sniffed, hacked 
and owned by attendees, but the private press network is a different 
story.  Another legal source told us the hacking attempt could be a 
federal felony under Title 18 section 2511 of the United States Code.

While the situation is very unfortunate and shady on the part of the 
French contingent, it does slam home the point that you can’t trust any 
network … even one that has been promised to be off-limits to scanning.  
As more details of the hacking emerged, several reporters in the room 
were scrambling to change their login details for their various content 
management systems.